McAfee macOS Configuration Profiles

McAfee Agent command-line switches

Configuration Profiles in macOS
Which allowed extensions or filters are required for McAfee endpoint products to protect your Mac depends on the version of macOS you are running. McAfee provides sample configuration profiles (in the KB links below) that you can import directly or use as a starting point for building your own. It doesn’t hurt to use the same profiles on multiple OS versions, as older OS versions will just ignore what doesn’t apply. All configuration profiles are required for successful use of McAfee endpoint products on Mac.

Note to Mac Admins: Bundle IDs for Extensions (System or Kernel) need to be explicitly defined in Big Sur and Monterey. Please view the Kext KB links below for the bundle IDs.

Note to Jamf Pro Admins: Uploading a System Extension config profile is currently broken (PI-008562). You will have to create and populate the system extension profile yourself. Click here and here for example screen shots.


Remove McAfee Agent saliently push to client form … – Jamf Nation Community – 141927

Great Resource:

Link to modify McAfee Deployment

Try Editing:


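# Take field 6 of the systemextensionsctl line for the McAfee network extension
STATUS=$(systemextensionsctl list | grep 'com.mcafee.CMF.networkextension' | awk '{print $6}')

if [ -z "$STATUS" ]; then
    # System extension not loaded, check for kext
    KEXTSTATUS=$(kextstat | grep 'com......')
    if [ -z "$KEXTSTATUS" ]; then
        # Neither a system extension nor a kext was found
        echo "[not detected]"
    else
        echo "[kext running]"
    fi
else
    # System extension found, report its status field
    echo "$STATUS"
fi

exit 0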

Link to Simple MDM Kernel vs System Extension

Supported platforms for Endpoint Security for Mac

macOS Catalina

Problem for MDM Managed Macs
Because of SKEL (Secure Kernel Extension Loading), the kernel extensions of ENSM Threat Prevention – on-access scan, Firewall, and Self-Protection aren’t allowed to load without end-user consent.

Enrollment in MDM automatically disables SKEL with macOS 10.13.3 and earlier. In this case, end-user consent isn’t needed to enable the ENSM Threat Prevention – on-access scan, Firewall, and Self-Protection features.

Starting with macOS 10.13.4, enrolling in MDM doesn’t automatically disable SKEL. The McAfee kernel extensions have to be added to the Kernel Extension Policy payload to load without end-user consent.

For more information, see the following Apple articles:
Apple article HT208019
Apple article HT208488

Below are the details for use in the Kernel Extension Policy payload:

McAfee Team Identifier: GT8P3H7SPW

Bundle Identifiers:


You can also download and import the profile configuration file. The file is included in the Attachment section of this article.
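
The Kernel Extension Policy payload described above, as an added example (not McAfee's sample profile and not code from the original page): Python that builds such a payload for the Team Identifier given here and audits a profile for whether bundle IDs are explicitly defined, as the Big Sur and Monterey note requires. The payload type and the `AllowedTeamIdentifiers` / `AllowedKernelExtensions` / `AllowUserOverrides` keys are Apple's Kernel Extension Policy keys; the bundle ID, payload identifiers and UUIDs are constructed placeholders, because the page lists no bundle IDs.

```python
import plistlib

MCAFEE_TEAM_ID = "GT8P3H7SPW"  # Team Identifier given on this page
KEXT_POLICY_TYPE = "com.apple.syspolicy.kernel-extension-policy"
# Constructed placeholder: take the real bundle IDs from the McAfee KB article.
PLACEHOLDER_BUNDLE_ID = "com.example.PLACEHOLDER-kext"


def build_profile(bundle_ids):
    """Return mobileconfig bytes approving the listed kexts for the McAfee team."""
    payload = {
        "PayloadType": KEXT_POLICY_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.kextpolicy.mcafee",   # constructed
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",  # constructed
        "AllowUserOverrides": False,
        # Team ID mapped to the explicit list of bundle IDs allowed to load
        "AllowedKernelExtensions": {MCAFEE_TEAM_ID: list(bundle_ids)},
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.kextpolicy",          # constructed
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",  # constructed
        "PayloadDisplayName": "Kernel Extension Policy (example)",
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)


def audit_profile(data, team_id=MCAFEE_TEAM_ID):
    """Report how an unsigned profile approves kernel extensions for team_id."""
    profile = plistlib.loads(data)
    result = {"has_kext_policy": False, "team_wide": False, "bundle_ids": []}
    for p in profile.get("PayloadContent", []):
        if p.get("PayloadType") != KEXT_POLICY_TYPE:
            continue
        result["has_kext_policy"] = True
        # Team-wide approval: every kext signed by this team is allowed
        if team_id in p.get("AllowedTeamIdentifiers", []):
            result["team_wide"] = True
        # Per-bundle approval: only the listed bundle IDs are allowed
        result["bundle_ids"] += p.get("AllowedKernelExtensions", {}).get(team_id, [])
    # Per the note above, Big Sur and Monterey need bundle IDs explicitly defined
    result["explicit_ids_defined"] = bool(result["bundle_ids"])
    return result
```

`audit_profile` expects an unsigned profile; a signed `.mobileconfig` has to be unwrapped before it will parse as a plist.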
